Connecting to the Firewall Services Module

This section describes how to connect or "session" to the FWSM from the switch command line. It also describes how to log out of the FWSM to access the switch CLI. This section includes the following topics:

Logging in to the FWSM

Because the FWSM does not have an external console port, you must session in to the FWSM for initial configuration. Later, when you configure interfaces and IP addresses on the FWSM itself, you can access the FWSM CLI remotely through an FWSM interface. See Chapter 21 "Configuring Management Access," for more information.

To exit privileged mode, enter disable. You can also enter exit or quit to exit the current access mode (privileged EXEC mode, global configuration mode, and so on).

Step 5 To access configuration mode, enter the following command:

hostname# configure terminal

The prompt changes to the following:

hostname(config)#

Logging out of the FWSM

To end the FWSM session and access the switch CLI, enter the following command:

hostname# exit

Logoff

[Connection to 127.0.0.31 closed by foreign host]

Router#

You might need to enter the exit command multiple times if you are in a configuration mode.

Managing the Configuration

This section describes how to work with the configuration. The FWSM loads the configuration from a text file, called the startup configuration.

When you enter a command, the change is made only to the running configuration in memory. You must manually save the running configuration to the startup configuration for your changes to remain after a reboot.

Saving Each Context and System Separately

To save the system or context configuration, enter the following command within the system or context:

hostname# write memory

Note: The copy running-config startup-config command is equivalent to the write memory command.

For multiple context mode, context startup configurations can reside on external servers. In this case, the FWSM saves the configuration back to the server you identified in the context URL, except for an HTTP or HTTPS URL, which does not let you save the configuration to the server.

Saving All Context Configurations at the Same Time

To save all context configurations at the same time, as well as the system configuration, enter the following command in the system execution space:

hostname# write memory all [/noconfirm]

If you do not enter the /noconfirm keyword, you see the following prompt:

Are you sure [Y/N]:

After you enter Y, the FWSM saves the system configuration and each context. Context startup configurations can reside on external servers. In this case, the FWSM saves the configuration back to the server you identified in the context URL, except for an HTTP or HTTPS URL, which does not let you save the configuration to the server.

After the FWSM saves each context, the following message appears:

`Saving context `b' ... ( 1/3 contexts saved ) '

Sometimes, a context is not saved because of an error. See the following information for errors:

• For contexts that are not saved because of low memory, the following message appears:

The context 'context a' could not be saved due to Unavailability of resources

• For contexts that are not saved because the remote destination is unreachable, the following message appears:

The context 'context a' could not be saved due to non-reachability of destination

• For contexts that are not saved because the context is locked, the following message appears:

Unable to save the configuration for the following contexts as these contexts are
locked.

context `a' , context `x' , context `z' .

A context is locked only if another user is already saving the configuration or is in the process of deleting the context.

• For contexts that are not saved because the startup configuration is read-only (for example, on an HTTP server), the following message report is printed at the end of all other messages:

Unable to save the configuration for the following contexts as these contexts have
read-only config-urls:

context `a' , context `b' , context `c' .

• For contexts that are not saved because of bad sectors in the Flash memory, the following message appears:

The context 'context a' could not be saved due to Unknown errors
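The following is an added example, not part of the original guide: a Python parser that scans captured write memory all output for the failure messages listed above and reports which contexts still have unsaved changes. The sample output is constructed from the message formats quoted in this section; the function name, the reason labels, and the assumption that the quoted text reads "context <name>" are illustrative.

```python
import re

# Constructed sample of `write memory all` output, built from the message
# formats quoted in this section (not captured from a real device).
SAMPLE = """\
Saving context `b' ... ( 1/3 contexts saved )
The context 'context a' could not be saved due to Unavailability of resources
The context 'context d' could not be saved due to non-reachability of destination
The context 'context e' could not be saved due to Unknown errors
Unable to save the configuration for the following contexts as these contexts are
locked.

context `x' , context `z' .
Unable to save the configuration for the following contexts as these contexts have
read-only config-urls:

context `c' .
"""

# Message text -> cause, as described in this section. Labels are illustrative.
REASONS = {
    "Unavailability of resources": "low memory",
    "non-reachability of destination": "remote destination unreachable",
    "Unknown errors": "bad Flash sectors",
    "are locked": "locked by another save or delete",
    "have read-only config-urls": "read-only startup configuration",
}
# Per-context failure line. Assumption: the quoted text is "context <name>".
SINGLE = re.compile(r"The context '(?:context )?([^']+)' could not be saved due to "
                    r"(Unavailability of resources|non-reachability of destination"
                    r"|Unknown errors)")
# Grouped report: header, then a "context `a' , context `b' ." list.
GROUPED = re.compile(r"these contexts (are locked|have read-only config-urls)"
                     r"[.:] (.*?) \.")
NAME = re.compile(r"context [`']([^']+)'")


def unsaved_contexts(output):
    """Map each context reported as not saved to the cause of the failure."""
    text = " ".join(output.split())  # undo terminal line wrapping
    failed = {name: REASONS[msg] for name, msg in SINGLE.findall(text)}
    for msg, names in GROUPED.findall(text):
        for name in NAME.findall(names):
            failed[name] = REASONS[msg]
    return failed

if __name__ == "__main__":
    for ctx, why in sorted(unsaved_contexts(SAMPLE).items()):
        print(f"context {ctx}: NOT SAVED ({why})")
```

A non-empty result means the listed contexts will come back with their previous startup configuration after a reload, so any rule changes made in them since the last successful save would be lost.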

Copying the Startup Configuration to the Running Configuration

Copy the new startup configuration to the running configuration using one of these options:

• To merge the startup configuration with the current running configuration, enter the following command:

hostname(config)# copy startup-config running-config

A merge adds any new commands from the new configuration to the running configuration. If the configurations are the same, no changes occur. If commands conflict or if commands affect the running of the context, then the effect of the merge depends on the command. You might get errors, or you might have unexpected results.

• To load the startup configuration and discard the running configuration, restart the FWSM by entering the following command:

hostname# reload

Alternatively, you can use the following commands to load the startup configuration and discard the running configuration without requiring a reboot:

hostname(config)# clear configure all

hostname(config)# copy startup-config running-config

Viewing the Configuration

The following commands let you view the running and startup configurations.

• To view the running configuration, enter the following command:

hostname# show running-config

• To view the running configuration of a specific command, enter the following command:

hostname# show running-config command

• To view the startup configuration, enter the following command:

hostname# show startup-config

Clearing and Removing Configuration Settings

To erase settings, enter one of the following commands.

• To clear all the configuration for a specified command, enter the following command:

This command clears all the current configuration for the specified configuration command. If you only want to clear the configuration for a specific version of the command, you can enter a value for level2configurationcommand.

For example, to clear the configuration for all aaa commands, enter the following command:

hostname(config)# clear configure aaa

To clear the configuration for only aaa authentication commands, enter the following command:

hostname(config)# clear configure aaa authentication

• To disable the specific parameters or options of a command, enter the following command:

In this case, you use the no command to remove the specific configuration identified by qualifier.

For example, to remove a specific nat command, enter enough of the command to identify it uniquely as follows:

hostname(config)# no nat (inside) 1

• To erase the startup configuration, enter the following command:

hostname(config)# write erase

• To erase the running configuration, enter the following command:

hostname(config)# clear configure all

Note: In multiple context mode, if you enter clear configure all from the system configuration, you also remove all contexts and stop them from running.

Creating Text Configuration Files Offline

This guide describes how to use the CLI to configure the FWSM; when you save commands, the changes are written to a text file. Instead of using the CLI, however, you can edit a text file directly on your PC and paste a configuration at the configuration mode command-line prompt in its entirety, or line by line. Alternatively, you can download a text file to the FWSM internal Flash memory. See Chapter 22 "Managing Software, Licenses, and Configurations," for information on downloading the configuration file to the FWSM.

In most cases, commands described in this guide are preceded by a CLI prompt. The prompt in the following example is "hostname(config)#":

hostname(config)# context a

In the text configuration file you are not prompted to enter commands, so the prompt is omitted as follows: